Install a single Container Defender
Install Container Defender on each host that you want Prisma Cloud to protect.
Single Container Defenders can be configured in the Console UI, and then deployed with a curl-bash script.
Alternatively, you can use twistcli to configure and deploy Defender directly on a host.
Install a single Container Defender (Console UI)
Configure how a single Container Defender will be installed, and then install it with the resulting curl-bash script.
Prerequisites
- Your system meets all minimum system requirements.
- Console can be accessed over the network from the host where you want to install Defender.
- You have sudo access to the host where Defender will be installed.
- Verify that the host machine where you install Defender can connect to Console. Copy the path to Console from Manage > System > Utilities.
    $ curl -sk -D - https://<CONSOLE_IP_ADDRESS>/api/v1/_ping
  If curl returns an HTTP response status code of 200, you have connectivity to Console.
- Log into Console.
- Go to Manage > Defenders > Deploy.
- In the first drop-down menu (2), select the way Defender connects to Console.
  A list of IP addresses and hostnames is pre-populated in the drop-down list. If none of the items are valid, go to Manage > Defenders > Names, and add a new Subject Alternative Name (SAN) to Console’s certificate. After adding a SAN, your IP address or hostname will be available in the drop-down list.
  Selecting an IP address in an evaluation setup is acceptable, but using a DNS name is more resilient. If you select Console’s IP address, and Console’s IP address changes, your Defenders will no longer be able to communicate with Console.
- (Optional) Set a proxy (3) for the Defender to use for the communication with the Console.
- (Optional) Set a custom communication port (4) for the Defender to use.
- (Optional) Set Assign globally unique names to Hosts to ON when you have multiple hosts that can have the same hostname.
  After setting the toggle to ON, Prisma Cloud appends a unique identifier, such as ResourceId, to the host’s DNS name. For example, an AWS EC2 host would have the following name: Ip-171-29-1-244.ec2internal-i-04a1dcee6bd148e2d.
- In the second drop-down list (5), select the Defender type. Both Linux and Windows platforms are supported.
- In the third drop-down list (6), leave the listener type set to None.
- In the final field (7), copy the install command, which is generated according to the options you selected.
On the host where you want to install Defender, paste the command into a shell window, and run it.
Install a single Container Defender (twistcli)
Use twistcli to install a single Container Defender on a Linux host.
Prerequisites
- Your system meets all minimum system requirements.
- Console can be accessed over the network from the host where you want to install Defender.
- You have sudo access to the host where Defender will be installed.
- You’ve created a service account with the Defender Manager role. twistcli uses the service account to access Console.
- Verify that the host machine where you install Defender can connect to Console. Copy the path to Console from Manage > System > Utilities.
    $ curl -sk -D - https://<CONSOLE>/api/v1/_ping
  If curl returns an HTTP response status code of 200, you have connectivity to Console.
- SSH to the host where you want to install Defender.
- Download twistcli.
    $ curl -k \
      -u <USER> \
      -L \
      -o twistcli \
      https://<CONSOLE>/api/v1/util/twistcli
  The -k option disables TLS certificate verification for the download; omit it if the host trusts Console’s certificate.
- Make the twistcli binary executable.
    $ chmod a+x ./twistcli
- Install Defender.
    $ sudo ./twistcli defender install standalone container-linux \
      --address https://<CONSOLE> \
      --user <USER>
- Verify Defender was installed correctly.
    $ sudo docker ps
    CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS          PORTS   NAMES
    677c9883c4b6   twistlock/private:defender_21_04_333   "/usr/local/bin/defe…"   11 seconds ago   Up 10 seconds           twistlock_defender_21_04_333
Verify the install
Verify that Defender is installed and connected to Console.
Defender can be deployed and run with full functionality when dockerd is configured with SELinux enabled (--selinux-enabled=true). All features work normally, with no additional configuration steps required. Prisma Cloud automatically detects the SELinux configuration on a per-host basis and configures itself as needed. No action is needed from the user.
- In Console, go to Manage > Defenders > Manage.
  Your new Defender should be listed in the table, and the status box should be green and checked.
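The two command-line checks above (the `_ping` status code and the `docker ps` listing) can be scripted so that a deployment job fails when either one does not hold. This is an added example, not part of the Prisma Cloud documentation; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline versions of the page's two verification checks.
# Live use: curl -sk -D - "https://<CONSOLE>/api/v1/_ping" | console_reachable
#           sudo docker ps | defender_running

# Print the status code of the LAST response in a `curl -D -` header dump.
# Behind a proxy, curl first prints the proxy's "200 Connection established"
# block, so matching any "200" in the output would give a false positive.
final_status() {
    tr -d '\r' | awk '
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 }
        END { if (code == "") exit 1; print code }'
}

# Succeed only if the final response status is 200.
console_reachable() {
    [ "$(final_status)" = "200" ]
}

# Succeed if a `docker ps` listing has a row whose last column (NAMES) is
# twistlock_defender_<version> and which shows an "Up" status.
defender_running() {
    awk '$NF ~ /^twistlock_defender_/ && / Up / { up = 1 } END { exit !up }'
}

# Constructed sample: proxy tunnel succeeds, Console side answers 503.
SAMPLE_PROXIED='HTTP/1.1 200 Connection established

HTTP/1.1 503 Service Unavailable
Content-Length: 0
'
# Constructed sample: direct HTTP/2 answer from Console.
SAMPLE_DIRECT='HTTP/2 200
content-length: 0
'
# Constructed sample, modeled on the docker ps output shown on the page.
SAMPLE_PS='CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
677c9883c4b6  twistlock/private:defender_21_04_333  "/usr/local/bin/defe..."  11 seconds ago  Up 10 seconds  twistlock_defender_21_04_333'

printf '%s' "$SAMPLE_DIRECT" | console_reachable && echo "direct: reachable"
printf '%s' "$SAMPLE_PROXIED" | console_reachable || echo "proxied: final status is not 200"
printf '%s\n' "$SAMPLE_PS" | defender_running && echo "defender: running"
```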